Interesting People mailing list archives

Re: RST packets as good network management


From: David Farber <dave () farber net>
Date: Thu, 24 Apr 2008 09:43:50 -0700


________________________________________
From: Joe Touch [touch () ISI EDU]
Sent: Thursday, April 24, 2008 12:35 PM
To: David P. Reed
Cc: David Farber; Brett Glass
Subject: Re: [IP] Re:  RST packets as good network management

Dave (et al.),

David P. Reed wrote:
...
Regarding the use of "forgery" as a term, I agree with you that it
overly politicizes the discussion.  I would prefer "deliberate
non-standard use with the intention to disrupt communications".

I agree that sending RSTs to shut down a connection - in general - is
just nonstandard use. FINs are the standard way. However, this isn't the
valid endpoint sending the RST; this is an intermediary forging it.

There are standard ways of shutting connections that don't require
forgery, e.g., ICMPs. Unfortunately, the ISPs can't rely on ICMP transit
because they pioneered filtering ICMPs out. Once we all start using
authentication E2E (and we're getting there), these forging attacks will
be exposed more widely.

Your definition of forgery above translates ANY illegal activity of ANY
severity into "nonstandard use of X to disrupt Y". Let's please not
react to "over politicizing" with "excessive application of political
correctness". Or are you next going to try to sell us that a
"nonstandard disruptive packet" (forgery) merely results in
"differently-abled connections" (disabling TCP)?

Joe
